CVE-2023-3266

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 14, 2023

Updated: Aug 22, 2023

CWE ID 400

CWE ID 502

Summary

CVE-2023-3266 is a vulnerability affecting CyberPower PowerPanel Enterprise, where an incomplete authentication mechanism exists. If an attacker manages to select LDAP authentication, they can bypass all authentication checks, allowing unauthorized access to the system. This hidden HTML combo box vulnerability requires the attacker to have at least one valid username, but any password will grant administrator privileges upon successful exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/reoaHh
https://www.cve.org/CVERecord?id=CVE-2023-3266
https://nvd.nist.gov/vuln/detail/CVE-2023-3266

Back to Vulnerability Database

CVE-2023-3266

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations